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e 18 years in Yahoo 
e Software Architect in Media Infrastructure Team 
e Volunteer in OSPO 


e Apache Traffic Server PMC/Committer 
e Wasm, Lua, ESI plugins 


i e WebAssembly + ATS == Framework to build 
yahoo; functionality on your edge! 


Apache Traffic 
Server 


ATS & Yahoo! 


Yahoo Data Center / Cloud 


Finance Homepage 


DDOS protection 
Privacy Control 


Cookie Managemen 


Routing 
Redirect 
Bucketing 
Caching 
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Extending ATS / Building Features 


e C++ plugins 
o Allow extension of HTTP/TLS handling for connections with clients and origins 
o Steep Learning curve 
e Domain Specific Languages plugin (header_rewrite / txn_box / etc) 
o Invented language, Not turing complete, no unit test framework 
o Hard to expand 
e Lua plugin 
o Easier to learn a scripting language 
o LuajJIT FFI allows expansion with shared libraries 
o Popularity? 
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Proxy-Wasm é 
Wasm Plugin 


Proxy-Wasm 


e WebAssembly for Proxies 
e Specification 
o Like a “WASI for Proxy” 
e Library 
o Implement the spec and provide integration with proxy 


o Integrate with different runtime - WAMR, Wasmtime, WasmEdge, V8 
o Existing Implementations - Envoy, MOSN, Nginx, ATS 


e SDK 


o Help to compile programs to wasm modules following the spec 
o Official - C++, Rust 
o Third party - AssemblyScript, TinyGo, Zig 
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More for proxy-wasm 


e Community with tie to “wasi-http” 
e Partial WASI support is part of the Spec 
o  Environ_get / environ_sizes_get 
o  random_get 
o clock_time get 
o fd_write (for stderr, stdout) 


yahoo! 


ATS Plugin Architecture 


yahoo! 


With handler functions for proxy to call (1) 
Calling API functions that the proxy provides (2) 


Origin 


Client 


Wasm runtime 


Wasm 
module 


Example in Rust (Snippet) 


impl HttpContext for HttpHeaders { match self.get_http_request_header("token") { 
fn on_http_request_headers(&mut self, _: usize, _: bool) -> Action { Some(token) if token.parse::<u64>().is_ok() && is_prime(token.parse().unwrap()) => { 
for (name, value) in &self.get_http_request_headers() { tracel("It is primel!!"); 
let s3 = format!("In WASM: #{} -> {}: {F",self.context_id, name, Action::Continue 
value); 
} 
trace!("{}", s3); 
=> 
} trace!("It is not prime!!! That's true."); 
if let Some(ua) = self.get_http_request_header("User-Agent") { 
self.send_http_response( 
ifua!=""{ 
403, 
trace!("UA is {}", ua); 
vec![("Powered-By", "proxy-wasm")], 
} Some(b"Access forbidden.\n"), 
} 
); 
Action::Pause 
} 
7 } 
yahoo: 


Real World Example - WAF 


e Coraza 
o Open Source WAF library in Go 
o Compatible with ModSecurity Ruleset 
e Coraza Proxy-wasm module 
o WASM module to be used with Envoy 
o Compiled with TinyGo SDK 


e It works with ATS with the Wasm Plugin! 
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Real World Example - Al Inference with WASI-nn 


WASI-nn - proposed WASI API for machine learning 
Proxy can do Al Inference with deployed model 
Need to be supported by underlying WASM runtime 
Example coming soon! 
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Benefits 


Support many programming languages 
Standard/specification promote interoperability 
Safety with Sandboxed approach 

Promising future 
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Limitations 


e No ATS support in proxy-wasm spec for 
o Getting and setting trailer request and response header 
o Getting and setting data in HTTP/2 meta data frame 
o Support on GRPC lifecycle handler functions 
e No support for ATS Specific features 
o E.g. caching API 
o Can be implemented outside of spec 
o But it will break interoperability 
e Production Readiness / Performance Improvement 
o Choice of Runtime 


yahoo/ 


Performance Testing 


e Experiments done between Lua script, DSL script and Wasm module 
e Lua script / DSL script < Wasm module -> LuaJIT is AWESOME!!! 
e Resource Contention inside Wasm plugin - 


a 


(tis state ) 


Other Tips / Techniques for Wasm Optimization 


Language Choice 

AOT - ahead of time compilation 
Compiler Flags 

wasm-opt 

Choice of Runtime? 
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Wasm Runtimes 


Big Decision to Choose 


The field evolves rapidly 
Each with different characteristics 
Change of runtime only possible for simple program 


Major investment involved when tools are used (e.g. profiling / debugging) 
o WAMR/Wasmtime - live debug support through Ildb 
o Wasmtime - profiling with perf 

e Different WASM proposals supported by different runtime 

e Performance 

e Trust in Security 

o Choice of implementation language 

o Maturity of processes handling CVE 


yahoo/ 


Runtime 


WAMR 


Bytecode Alliance project 

Written in C 

Interpreter or JIT / LLVM JIT 
Configurable options at compile time 
Low memory footprint 


Wasmtime 


Bytecode Alliance project 
Written in Rust 

Based on Cranelift 

High memory footprint 
yahoo? 


Runtime 


WasmEdge 


Written in C++ 

LLVM JIT 

High memory footprint 

Lots of focus on Al Inference use cases 


e Not yet supported in ATS Wasm plugin 
e Written in C++ 
e Many dependencies / Complicated to get it to work 
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Notes on Performance 


e Preliminary testing shows WAMR is the fastest 


e Inconclusive 
o each runtime has many configuration options 
o Default may not be suitable for proxy-wasm 
o More tests needed 
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summary 


ATS Wasm Plugin 


e Available now / Another option for extending ATS 
e Language supported - C++, Rust, TinyGo, AssemblyScript, Zig 
e Runtime supported - WAMR, wasmtime, WasmEdge 
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To Do 


Performance Testing/Improvement 
o Resource contention 
o Test runtimes with different configuration options 
e Tooling support 
o Profiling with perf 
o Debugging with Ildb 
e Use Cases 
o Al Inference with WASI-nn 
e Runtime Support 
o V8 
e Future 
o Component Model 
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Reference 


LAA 
e ATS Plugin development - https://docs.trafficserver.apache.org/en/latest/developer-guide/plugins/index.en.html 
e ATS header_rewrite plugin - https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/header rewrite.en.html 
e ATS Lua plugin - https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/lua.en.html 
e ATS Wasm plugin - https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/wasm.en.html 
. Proxy-wasm - https: //github.com/proxy-wasm 
° Proxy-wasm spec - https://github.com/proxy-wasm/spec 
e Proxy-wasm Library - https://github.com/proxy-wasm/proxy-wasm-cpp-host 
e Proxy-wasm C++ SDK - https://github.com/proxy-wasm/proxy-wasm-cpp-sdk 
e Proxy-wasm Rust SDK - https://github.com/proxy-wasm/proxy-wasm-rust-sdk 
e Rust example - https://github.com/apache/trafficserver/tree/master/plugins/experimental/wasm/examples/rust 
° Coraza - https://github.com/corazawaf/coraza 
e Coraza Proxy-wasm - https://github.com/corazawaf/coraza-proxy-wasm 
e Coraza Proxy-wasm in ATS - https://github.com/apache/trafficserver/tree/master/plugins/experimental/wasm/examples/tin 
e Wasi-nn - https://github.com/WebAssembly/wasi-nn 
° WAMR - https://github.com/bytecodealliance/wasm-micro-runtime 
° Wasmtime - https://github.com/bytecodealliance/wasmtime 
e WasmEdge - https://github.com/WasmEdge/WasmEdge 
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